Anker was caught in a catastrophe with its Eufy security cameras, which information security consultant Paul Moore discovered last November were uploading video from users’ cameras without their consent. Upload to the cloud. The bigger problem is that user content uploaded from Eufy cameras can be accessed through media players like VLC for others to watch. Anker claims its cameras use end-to-end encryption, with all content stored locally and only sent to devices on the user’s home network.
After months of uncertainty, Anker has finally admitted that its Eufy camera is not as encrypted as initially claimed, and that the company is working to fix the problem. In a series of emails to The Verge, Eric Vilines, Anker’s head of global communications, explained that the company is currently updating every Eufy camera to use WebRTC API fully encrypts video clips by AES and RSA algorithms.
Today, based on industry feedback and out of an abundance of caution, the eufy security portal now disables users from entering debug mode, and the code has been hardened and obfuscated. In addition, the video stream content is encrypted, which means that these video streams can no longer be played on third-party media players such as VLC.
Today, all video (live and recorded) sharing between user devices and the eufy Secure Web Portal or eufy Secure App uses end-to-end encryption, which is achieved using AES and RSA algorithms. – Eric Villines, Head of Global Communications, Anker
Anker claims the issue is under control and from now on all streaming requests will be end-to-end – end encryption . Additionally, Anker publicly apologized for its lack of transparency and hired an independent security audit firm to help improve Eufy’s products and practices.
Source 674
